(54) Method and apparatus for performing a key update using update key



(57) A system for updating a communications key(s) performs an authentication(s) of the unit and/or of the communications system using an update key. By using the update key to perform the authentication(s), the key update system can reduce communications between a home communications system and a visiting communications system by sending the update key to the visiting communications system while maintaining the communications key at the home communications system. For example, in performing a key update, the home communications system generates a communications key, such as a new authentication key SSD-A-NEW, using a sequence RANDSSD generated at the home communications system and a secret key A-KEY maintained at the home communications system and at the unit. The home communications system generates the update key SSD-KEY also using the sequence RANDSSD and the secret key A-KEY. The home communications system sends the update key SSD-KEY and the sequence RANDSSD to the visiting communications system, and the visiting communications system sends the sequence RANDSSD to the unit. The unit generates the new communications key, such as the new authentication key SSD-A-NEW, and the update key SSD-KEY in the same manner as the home communications system. Because the visiting communications system has the update key SSD-KEY, the visiting authentication system can generate the signature value(s) AUTHSSD and/or AUTHBS using the update key at the visiting communications system to authenticate the unit and/or the communications system.
Description

BACKGROUND OF THE INVENTION

1. Field of the Invention

[0001] The present invention relates to communications; more specifically, the updating of keys or other information used by communicating parties.

2. Description of Related Art

[0002] A typical wireless communications system provides wireless communications services to wireless units within a geographic region. A Mobile Switching Center (MSC) is responsible for, among other things, establishing and maintaining calls between the wireless units and calls between a wireless unit and a wireline unit. As such, the MSC interconnects the wireless units within its geographic region with a public switched telephone network. The geographic area serviced by the MSC is divided into spatially distinct areas called "cells." Each cell is schematically represented by one hexagon in a honeycomb pattern; in practice, however, each cell has an irregular shape that depends on the topography of the terrain surrounding the cell. Typically, each cell contains a base station, which comprises the radios and antennas that the base station uses to communicate with the wireless units in that cell. The base stations also comprise the transmission equipment that the base station uses to communicate with the MSC in the geographic area.

[0003] The MSCs use a signaling network, which enables the exchange of information about the wireless units within the respective geographic service area for location validation and call delivery to wireless units which are roaming in other geographic service areas. When a wireless unit attempts communications with the wireless communications system, the wireless communications system authenticates or verifies the wireless unit's identity before allowing the wireless unit access to the wireless communication system. FIG. 1 depicts a portion of a typical wireless communications system 5 which provides wireless communications services through a base station 10 to a geographic region 12, such as a cell or sector, associated with the base station 10. When a wireless unit 14 within the cell 12 first registers or attempts communications with the base station 10, the wireless unit 14 is authenticated or the wireless unit's identity is verified before allowing the wireless unit 14 access to the wireless communication system. The home network or home communications system for the wireless unit 14 can be a collection of cells making up a cellular geographic service area where the wireless unit 14 resides and is typically the network controlled by the service provider that has contracted with the wireless unit's owner to provide wireless communication services. When wireless unit 14 is in a network other than its home network, it is referred to as being in a visiting communications network or system. If the wireless unit 14 is operating in the visiting communication system, the authentication of the wireless unit by base station 10 will involve communicating with a home authentication center 16 of the wireless unit's home communications system. The home authentication center 16 can be a stand-alone center or connected to, associated with, integrated with and/or co-located with the MSC associated with the home communications system (the home MSC), and the visiting authentication center 18 can be in a stand-alone center or connected to, associated with, integrated with and/or co-located with the MSC associated with the visiting communications system (the visited MSC).

[0004] In the example of FIG. 1, the wireless unit 14 is in a visiting communications system. As a result, the authentication of the wireless unit 14 involves communicating with the home authentication center 16 of the wireless unit's home communications system. When the wireless unit 14 attempts to access the visiting communications system, base station 10 communicates with a visiting authentication center 18 of the visiting communication system. The visiting authentication center 18 determines from a wireless unit or terminal identifier, such as the telephone number of wireless unit 14, that the wireless unit 14 is registered with a system that uses home authentication center 16. Visiting authentication center 18 then communicates with home authentication center 16 over a network, such as a signaling network 20 under the standard identified as TIA/EIA-41-D entitled "Cellular Radiotelecommunications Intersystem Operations," December 1997 ("IS-41").
[0005] Home authentication center 16 then accesses a home location register (HLR) 22 which has a registration entry for wireless unit 14. Home location register 22 may be associated with the wireless unit by an identifier such as the wireless unit's telephone number. The information contained in the home location register 22 can include and/or is used to generate authentication and/or encryption keys, such as a shared secret data (SSD) or communications key used to further secure communications between the wireless unit and the communications system. In a typical wireless communications system, both the wireless unit and the wireless communications system have a secret value called A-KEY. The wireless communications system uses the A-KEY and a randomly generated sequence RANDSSD to generate a shared secret data (SSD) value or communications key. The communications key SSD can be divided into communications keys having different functions, for example an authentication key SSD-A (Shared Secret Data A) and an encryption key SSD-B (Shared Secret Data B). The SSD-A value is used for authentication procedures, and the SSD-B value is used for key generation and encryption procedures.
[0006] To authenticate the wireless unit 14 attempting access to the visiting communications system, the home communications system supplies information, such as a random number sequence or challenge RAND, to the visiting communications system which transmits the random number RAND to the wireless unit 14 so that wireless unit 14 can respond with a signature value AUTHR derived using the authentication key (SSD-A) and the random number RAND. If the home communications system does not share the communications key with the visiting communications system, the signature value AUTHR generated by the wireless unit is sent to the home communications system to be compared with a signature value AUTHR generated at the home communications system in the same manner as the unit 14. If the signature values match, the wireless unit 14 is authenticated.

[0007] If the home authentication center 16 determines that the communications key value SSD needs to be updated, for example because certain criteria indicate that the SSD may be compromised, the SSD value associated with the wireless unit 14 can be updated. FIG. 2 shows the SSD update procedure followed by the standard identified as TIA/EIA-95-B entitled "Mobile Station-Base Station Compatibility Standard for Dual-Mode Spread Spectrum Systems" ("IS-95B") between the wireless unit and the wireless communications system. The wireless communications system can include the serving base station, the visiting authentication center, the visitor location register, the home authentication center, the home location register, the visited MSC and/or the home MSC.

[0008] To initiate the key update in this embodiment, the home authentication center 16 creates an update sequence RANDSSD. Using the RANDSSD sequence, the A-KEY and the ESN of the wireless unit as inputs to a cryptographic function, such as an SSD generation procedure 30, the home authentication center 16 generates a new key value (SSD-NEW). The home authentication center sends the RANDSSD sequence through the visiting authentication center and the serving base station in an update message, such as an SSD update message 32, to the wireless unit 14. The wireless unit 14 uses the RANDSSD sequence received from the communications system and generates the new communications key in the same manner as the communications system. For example, the wireless unit 14 provides RANDSSD, the A-KEY and the electronic serial number (ESN), which are stored at the wireless unit, to a cryptographic function such as an SSD key generation procedure 34. The SSD key generation procedure 34 generates the SSD-NEW which is divided into SSD-A-NEW and SSD-B-NEW. The SSD generation procedures 30 and 34 implement the CAVE algorithm using a random number RANDSSD, ESN and the value A-KEY as inputs. The CAVE algorithm is well known in the art as a one-way function which inhibits the determination of the inputs to the function given the output.
[0009] Before accepting the new SSD values to be used in authentication and encryption procedures, the wireless unit validates the SSD-NEW and thereby authenticates the communications system. To do so, the wireless unit generates a random number RANDBS challenge at block 36. The wireless unit provides RANDBS and SSD-A-NEW along with additional data, such as the ESN and/or an AUTH_DATA string derived from an international mobile station identification number (IMSI), to a cryptographic function, such as a signature procedure 38. The signature procedure 38 generates the signature value AUTHBS. The wireless unit also sends the RANDBS to the wireless communications system, for example as part of a base station challenge 37. Using a corresponding cryptographic function, such as a signature procedure 40, the wireless communications system derives AUTHBS using RANDBS from the wireless unit, SSD-A-NEW from the SSD generation procedure 30 and the additional data, such as the ESN and/or the AUTH_DATA, used by the wireless unit to derive AUTHBS.

[0010] The wireless communications system sends the AUTHBS value generated by the signature procedure 40 to the wireless unit, for example in a base station challenge confirmation order 41. At block 42, the wireless unit compares the AUTHBS value generated at the wireless unit with the AUTHBS value sent from the system. If the comparison is successful, the wireless unit 14 directly validates the SSD-NEW and thereby authenticates the communications system. The wireless unit 14 sets the SSD-A value to SSD-A-NEW and the SSD-B value to SSD-B-NEW. The wireless unit then sends an SSD update confirmation 43 to the home authentication center indicating successful completion of the SSD update. Upon receipt of the SSD update confirmation, the home authentication center sets SSD-A and SSD-B to the SSD-A-NEW and SSD-B-NEW values generated by the system.

[0011] After the SSD update procedure, the wireless communications system typically authenticates the wireless unit to ensure the validity of the new SSD key value, for example to ensure that the wireless unit has properly calculated the new SSD key. The wireless communications system generates a sequence, such as a random challenge RANDU, and sends the sequence RANDU to the wireless unit, for example in an authentication challenge message 44. Upon receipt of the authentication challenge message 44, the wireless unit 14 provides at least a portion of sequence RANDU to a cryptographic function, for example to an authentication signature procedure 48 with the inputs ESN, AUTH_DATA, SSD-A and a RAND_CHALLENGE derived from RANDU and IMSI. The authentication signature procedure 45 generates the authentication signature value AUTHU as the output of the CAVE algorithm using the RAND_CHALLENGE, ESN, AUTH_DATA and SSD-A as inputs. The wireless communications system generates the authentication signature value AUTHU using the authentication signature procedure 48 in the same fashion. The wireless unit then transmits the value AUTHU calculated by the wireless unit to the wireless communications system. The wireless communications system compares the value AUTHU calculated by the system and the AUTHU value received from the wireless unit at block 50. If the values match, the wireless communications system has validated the new SSD value, and the wireless unit is authenticated.
[0012] If the wireless unit 14 is in a visiting communications system and the home communications system does not share the new communications key SSD-NEW with the visiting communications system for whatever reason, the visiting communications system merely acts as a conduit for communications between the wireless unit and the home communications system. As such, the above-described key update requires extensive communications between the home communications system and the visiting communications system in order for the wireless unit to authenticate the communications system. Additionally, the key update in the above scheme is followed by a separate authentication of the wireless unit by the communications system to ensure the validity of the SSD, thereby authenticating the wireless unit from the perspective of the communications system. Although providing mutual authentication of the wireless unit and the communications system, the separate authentication provides additional communications between the visiting communications system and the home communications system.
[0013] For example, FIG. 3A shows how a wireless unit 14 is authenticated within a visiting communications system that is compatible with the IS-41 signaling standard. Both the wireless unit 14 and a home communications system 60 contain a secret value called A-KEY. When the wireless unit 14 requests access to a visiting system 62, the visiting system 62 requests data from the home system 60. In this embodiment, the home location register 22 (FIG. 1) associated with the wireless unit 14 is located using an identifier, such as the wireless unit's telephone number. The HLR 22 for the wireless unit 14 stores the secret value or key A-KEY which is used to generate the new communications key SSD-NEW. The SSD-NEW can be calculated by performing a CAVE algorithm using at least the sequence RANDSSD and the A-KEY as inputs. The CAVE algorithm is well known in the art and is specified in the IS-41 standard.
[0014] The home system 60 transfers the value RANDSSD to the visiting system, and the visiting system transmits the RANDSSD value to the wireless unit 14. The wireless unit 14 then calculates SSD in the same fashion as calculated by the home system 60 as shown by the equation SSD-A-NEW, SSD-B-NEW = CAVE_{A-KEY}(RANDSSD). The wireless unit 14 then sends the value RANDBS to the visiting system 62, and the visiting system 62 sends the value RANDBS to the home system 60. Using a corresponding cryptographic function, the home system 60 derives AUTHBS using RANDBS from the wireless unit 14. The home system 60 sends the AUTHBS value to the visiting system 62, and the visiting system 62 sends the AUTHBS value to the wireless unit 14. The communication of RANDBS to the home system 60 and the reply of the AUTHBS from the home system is a transaction which can be referred to as an authentication request or base station challenge. The wireless unit 14 compares the AUTHBS value generated at the wireless unit 14 with the AUTHBS value sent from the system. If the comparison is successful, the wireless unit will set the SSD-A value to SSD-A-NEW and the SSD-B value to SSD-B-NEW. The wireless unit then sends an SSD update confirmation order to the home system 60 through the visiting system 62 indicating successful completion of the SSD update. The communication of RANDSSD from the home system 60 and the receipt of the SSD update confirmation is a transaction which can be referred to as an authentication directive (AUTHDIR). Upon receipt of the SSD update confirmation order, the home system 60 sets SSD-A and SSD-B to the SSD-A-NEW and SSD-B-NEW values generated by the system.

[0015] Afterward, in the embodiment of FIG. 3A, the home system 60 initiates what can be referred to as a second authentication directive challenging the wireless unit 14 by sending a random number challenge RANDU to the wireless unit 14. The home system 60 sends the value RANDU to the visiting system 62 which sends the value RANDU to the wireless unit 14. Both the wireless unit 14 and home system 60 calculate the value AUTHU where AUTHU is equal to the output of a cryptographic function, such as the CAVE algorithm, using the random number RANDU and the SSD-A value as inputs as shown by AUTHU = CAVE_{SSD-A}(RAND). The wireless unit 14 then sends the calculated value AUTHU to the visiting system 62, and the visiting system 62 sends the AUTHU value received from the wireless unit 14 to the home system 60. If the value AUTHU from the wireless unit 14 matches with the AUTHU value calculated at the home system 60, the new SSD value is validated from the perspective of the home system 60, and the wireless unit 14 is authenticated and given access to the visiting system.

[0016] FIG. 3B shows an alternative implementation for performing an update of the SSD key in which the authentication of the home system and the wireless unit is performed. In this implementation, the home system 60 generates the value RANDSSD then calculates SSD-A-NEW as shown by the equation SSD-A-NEW, SSD-B-NEW = CAVE_{A-KEY}(RANDSSD). The home system can also generate the value RANDU, and given SSD-A-NEW, the home system 60 can calculate AUTHU. The home system then sends RANDSSD along with RANDU and AUTHU to the visiting system 62. The visiting system 62 then forwards RANDSSD to the wireless unit 14 for the wireless unit to calculate SSD-A-NEW. The wireless unit 14 then sends the value RANDBS to the visiting system 62, and the visiting system 62 sends the value RANDBS to the home system 60. Using a corresponding cryptographic function, the home system 60 derives AUTHBS using RANDBS from the wireless unit 14. The home system 60 sends the AUTHBS value to the visiting system 62, and the visiting system 62 sends the AUTHBS value to the wireless unit 14. The wireless unit 14 compares the AUTHBS value generated at the wireless unit 14 with the AUTHBS value sent from the system. If the comparison is successful, the wireless unit will set the SSD-A value to SSD-A-NEW and the SSD-B value to SSD-B-NEW.
[0017] The wireless unit then sends an SSD update confirmation order to the home system 60 through the visiting system 62 indicating successful completion of the SSD update. Upon receipt of the SSD update confirmation order, the home system 60 sets SSD-A and SSD-B to the SSD-A-NEW and SSD-B-NEW values generated by the system. Now, because RANDU and AUTHU are already at the visiting system 62, the visiting system 62 sends RANDU to the wireless unit 14. The wireless unit 14 uses the RANDU value to calculate AUTHU and sends AUTHU to the visiting system 62. If the value AUTHU from the wireless unit 14 matches with the AUTHU value calculated at the home system 60, the visiting system 62 sends an authentication report to the home system 60 regarding the SSD update to which the home system 60 responds with an acknowledgment (ACK) signal.

[0018] The above described key update and/or the subsequent authentication of the wireless unit use a significant number of communications between the home system and the visiting system which consume system resources if the home communications system retains the communications key.

SUMMARY OF THE INVENTION

[0019] The present invention involves a system for updating a communications key(s) by performing an authentication(s) of the unit and/or of the communications system using an update key. By using the update key to perform the authentication(s), the key update system can reduce communications between a home communications system and a visiting communications system by sending the update key to the visiting communications system while maintaining the communications key at the home communication system. For example, in performing a key update, the home communications system generates a communications key, such as a new authentication key SSD-A-NEW, using a sequence RANDSSD generated at the home communications system and a secret key A-KEY maintained at the home communications system and at the unit. The home communications system generates the update key SSD-KEY also using the sequence RANDSSD and the secret key A-KEY. The home communications system sends the update key SSD-KEY and the sequence RANDSSD to the visiting communications system, and the visiting communications system sends the sequence RANDSSD to the unit. The unit generates the new communications key, such as the new authentication key SSD-A-NEW, and the update key SSD-KEY in the same manner as the home communications system. Because the visiting communications system has the update key SSD-KEY, the visiting authentication system can generate the signature value(s) AUTHSSD and/or AUTHBS using the update key at the visiting communications system to authenticate the unit and/or the communications system.


BRIEF DESCRIPTION OF THE DRAWINGS 

[0020] Other aspects and advantages of the present invention may become apparent upon reading the following detailed description and upon reference to the drawings in which:

FIG. 1 shows a general diagram of a wireless communications system in which the key update using an update key according to the principles of the present invention can be used;

FIG. 2 illustrates a key update and separate authentication procedure used between a wireless unit and a wireless communication system based on IS-95B;

FIGS. 3A and 3B show the communications between a wireless unit, a visiting communications system and a home communications system for the update process in a typical network, such as an IS-41 compliant network;

FIG. 4 shows an embodiment of the key update system using an update key for authenticating the communications system according to the principles of the present invention;

FIG. 5A illustrates a method for producing an update key and a communication key in performing a key update with mutual authentication according to principles of the present invention; and

FIG. 5B shows a flow diagram of an embodiment of the key update system using an update key to perform a mutual authentication according to principles of the present invention.

DETAILED DESCRIPTION 

[0021] An illustrative embodiment of the key update using an update key according to the principles of the present invention is described below which provides an improved key update procedure between a unit, such as a wireless unit, and a communications system, such as a wireless communications system. For example, a communications system can initiate an update of a communications key, such as a shared secret data (SSD) key, if certain criteria indicate that the communications key may be compromised or for any other reason (for example, to be initialized). The communications key is a key used by the unit and the communications system to further secure communications between the unit and the communications system. The communications key or portions thereof can be an authentication key, an encryption key, a key generation key and/or an integrity key used to digitally sign the contents of communications. The communications key SSD can be divided into other communications keys, such as an authentication key SSD-A and an encryption key SSD-B. The SSD-A is used in authentication procedures, and the SSD-B is used in key generation, for example in generating the cipher key Kc, or in encryption procedures. The key update system updates the communications key, and thereby the authentication key used in performing authentication of the unit by the communications system, which can include the home and/or visiting communications systems, using an update key. In the described embodiments, the update key is generated as part of the update procedure in addition to the communications key and used to perform authentication(s) during the update of the communications key. Depending on the embodiment and/or whether the wireless unit is registering with a visiting or home communications system, the key update system and portions thereof can be implemented in different portions of the communications system, such as the serving base station, the visiting authentication center, the visited MSC, the visitor location register, the home location register, the home MSC and/or the home authentication center.
[0022] In performing the key update, the communications system generates a new communications key (for example the new communications key SSD-NEW or the new authentication key SSD-A-NEW) using at least the secret value A-KEY associated with the unit. In accordance with an aspect of the present invention, the communications system generates the update key, which is different than the new communications key(s), using at least a portion of the secret value A-KEY and/or at least a portion of the information used to generate the new communications key(s). The unit authenticates the communications system using the update key, and/or the communications system updates the unit using the update key. Once the authentication is performed, the unit and the communications system update the communications key(s) with the new communication key(s) to enable further communications between the unit and the communications system, and the update key can be discarded. As such, the update key can be treated as a temporary key to be used to perform authentication(s) during the update of the communications key(s).
[0023] FIG. 4 shows an embodiment 63 of a key update system using an update key SSD-KEY where the communications key SSD (the authentication key SSD-A along with the encryption key SSD-B) is updated after a unit 64 authenticates a communications system 65 using the update key. The unit 64 and the communications system 65 each have a secret value A-KEY associated with the unit 64. When performing an update of a communications key SSD, the communications system creates a RANDSSD sequence which is provided to the unit 64. The sequence RANDSSD can be a random number, a pseudo-random number which repeats after a certain period or the output of an ever-increasing counter the received value of which cannot be less than or equal to a previously received value. The communications system 65 calculates a new communications key SSD-NEW by taking the output of a cryptographic function 67 (F0) using the sequence RANDSSD and the secret key A-KEY as inputs. The communications system 65 also calculates an update key SSD-KEY by taking the output of a cryptographic function 68 (F1) using the sequence RANDSSD and the secret key A-KEY as inputs.
[0024] In this embodiment the cryptographic function 67 is different than the cryptographic function 68, thereby resulting in an update key SSD-KEY which is different than the new communications key SSD-NEW or at least different than the authentication key SSD-A-NEW. For example, given the inputs RANDSSD and A-KEY, the cryptographic functions 67 and 68 produce SSD-KEY and the new communications key SSD-NEW as unrelated outputs where, given one of the outputs, the other output cannot be predicted. Depending on the embodiment, the cryptographic functions 67 and 68 could be the same or different while using different portions of the sequence RANDSSD and A-KEY as inputs to generate an update key which is different than the authentication key. Depending on the embodiment, the key update system can use additional input(s) to the key generation procedure 67 and/or 68, for example a value which is characteristic of the wireless unit or the subscription, such as the ESN and/or IMSI. The key generation procedures 67 and/or 68 implement the CAVE algorithm using the random number RANDSSD and the value A-KEY as inputs as well as any additional inputs. The CAVE algorithm is well known in the art as a one-way function. Other generation procedures can be used.
[0025] The communications system 65 sends the update sequence RANDSSD to the unit 64, and the unit 64 generates the new communications key SSD-NEW and the update key SSD-KEY in the same manner as the communications system 65. To authenticate the communications system 65, the unit generates an update sequence RANDBS and sends the sequence RANDBS to the communications system 65. The sequence RANDBS can be a random number, a pseudo-random number which repeats after a certain period or the output of an ever-increasing counter the received value of which cannot be less than or equal to a previously received value. The unit 64 generates a signature value AUTHBS using at least the sequence RANDBS and the update key generated at the unit 64. To generate AUTHBS, the unit provides RANDBS and SSD-KEY along with any additional data, such as the RANDSSD, ESN and/or an AUTH_DATA string derived from an international mobile station identification number (IMSI), to a signature procedure 69. Depending on the embodiment, the signature procedure 69 is a cryptographic function which could use different inputs to the signature procedure 69. The signature generation procedure 69 can implement the CAVE algorithm using the random number RANDBS and the update key SSD-KEY as inputs as well as any additional inputs.

EP 1 124 401 A2
[0026] The key generation procedures 67 and 68 and the signature procedure 69 can be hash functions or any one-way cryptographic function, such as the CAVE algorithm and/or SHA-1. Other generation procedures can be used. Hash functions can be characterized as one-way functions (a function for which it is not feasible to regenerate the inputs given the output), as functions which produce a many-to-one mapping of inputs to outputs, and/or as functions which produce outputs with less information than the inputs, whereby the inputs are difficult to ascertain given the output. In such functions, the output is referred to as a signature of the input.
[0027] The communications system 65 generates a signature value AUTHBS using the update key SSD-KEY generated at the communications system 65 and the sequence RANDBS received from the unit 64 as inputs to the signature generation procedure 69, in the same manner as the unit 64. The communications system 65 sends AUTHBS to the unit 64. The unit 64 authenticates the communications system 65 by comparing the signature value AUTHBS received from the communications system 65 with the signature value AUTHBS generated at the unit 64. The unit 64 informs the communications system 65 of the result of the comparison. After the unit 64 authenticates the communications system using the update key SSD-KEY, the communications key is updated with the new communications key, and the update key can be discarded.

[0028] In the embodiment of FIG. 4 described below, the communications system 65 can further include a home communications system 70 and a visiting communications system 71. In accordance with another aspect of the present invention, the home communications system 70 sends the update key SSD-KEY to the visiting communications system 71 along with the information the unit needs to determine the communications key(s) and/or the update key. The visiting communications system 71 and the unit 64 perform an authentication using the update key, thereby enabling a reduction in the number of communications between the home communications system 70 and the visiting communications system 71, and the home communications system 70 can retain the new communications key(s) at the home communications system 70 at least until after the key update is complete.

[0029] In this embodiment, a home communications system 70 generates a new communications key(s) SSD-NEW using at least the update sequence RANDSSD and the secret value A-KEY (or portions thereof) stored in the home communications system 70 and associated with the unit 64. The home communications system 70 also generates the update key using at least the update sequence RANDSSD and the secret value A-KEY, or portions thereof, in the same manner as the unit 64 as described above. The home communications system 70 sends the update sequence RANDSSD and the update key SSD-KEY to the visiting communications system 71 in an update directive 72, and the visiting communications system 71 sends the update sequence RANDSSD in a message 73 to the unit 64, where the new communications key SSD-NEW (including the communications keys SSD-A-NEW and SSD-B-NEW in this embodiment) and the update key SSD-KEY are generated in the same manner as in the home communications system 70. The unit 64 generates a challenge sequence RANDBS and a signature value AUTHBS using the update key and the challenge sequence RANDBS (or portions thereof) as inputs to the cryptographic function 69.

[0030] The unit 64 sends the challenge sequence RANDBS in a message 74 to the visiting communications system 71, where the visiting communications system 71 generates a signature value AUTHBS using at least the update key SSD-KEY and the sequence RANDBS as inputs to the cryptographic function 69. Rather than forwarding RANDBS to the home communications system 70 to generate AUTHBS and having the home communications system 70 send AUTHBS back to the visiting communications system 71, the communications can be reduced by sending the update key SSD-KEY to the visiting communications system 71, which generates the signature value AUTHBS in the same manner as the unit 64. The visiting communications system 71 sends AUTHBS in a message 76 to the unit 64. The unit 64 authenticates the communications system by comparing the signature value AUTHBS received from the visiting communications system 71 with the signature value AUTHBS generated at the unit 64. The unit 64 informs the visiting communications system 71 of the result of the comparison in a message 77, and the visiting communications system 71 informs the home communications system 70 of the result of the comparison in a message or authentication report 78. After the unit 64 authenticates the communications system using the update key, the communications key SSD (including the authentication key SSD-A) is updated with the new communications key SSD-NEW (including the new authentication key SSD-A-NEW). As such, the new authentication key was never shared with the visiting communications system 71, nor were the signature values used in the authentication(s) calculated using the new authentication key. The home communications system 70 can now share the communications key, such as the communications key SSD-A, with the visiting communications system 71 or not, and the update key can be discarded or not.

[0031] In accordance with an aspect of the present invention, FIG. 5A shows an embodiment of a key and signature value generation procedure 80 that generates the update key SSD-KEY and uses the update key to generate the signature values AUTHSSD and AUTHBS used by the unit and the communications system to mutually authenticate each other in performing a key update. The unit and the communications system each hold a secret value A-KEY associated with the unit. When performing an update of a communications key, such as a communications key SSD (including an authentication key SSD-A and an encryption key SSD-B), the communications system creates the update sequence RANDSSD, which is provided to the unit. The sequence RANDSSD can be a random number, a pseudo-random number which repeats after a certain period, or the output of an ever-increasing counter the received value of which cannot be less than or equal to a previously received value.

[0032] The communications system calculates a new communications key SSD-NEW by taking the output of a cryptographic function 82 (F0) using the sequence RANDSSD and the secret key A-KEY as inputs. The communications system also calculates an update key SSD-KEY by taking the output of a cryptographic function 84 (F1) using the sequence RANDSSD and the secret key A-KEY as inputs. In this embodiment, the cryptographic function 82 is different than the cryptographic function 84, resulting in an update key which is different than the new communications key SSD-NEW, or at least different than the authentication key SSD-A-NEW. Depending on the embodiment, the cryptographic functions 82 and 84 could be the same or different while using different portions of the sequence RANDSSD and A-KEY as inputs, again to generate an update key which is different than the new communications key SSD-NEW or at least different than the authentication key SSD-A-NEW. Depending on the embodiment, the key update system can use additional input(s) to the key generation procedure 82 and/or 84, for example a value which is characteristic of the wireless unit or the subscription, such as the ESN and/or IMSI. The key generation procedures 82 and/or 84 implement the CAVE algorithm using the random number RANDSSD and the value A-KEY as inputs as well as any additional inputs. The CAVE algorithm is well known in the art as a one-way function. Other generation procedures can be used.
[0033] After receiving RANDSSD from the communications system, for example in an SSD update message, the unit can generate the new communications key SSD-NEW and the update key SSD-KEY in the same manner as the communications system. After generating the new communications key value (SSD-NEW), the unit and the communications system can perform authentications using the update key (SSD-KEY). To do so, the unit generates a number or sequence RANDBS, such as a random number challenge. The sequence RANDBS can be a random number, a pseudo-random number which repeats after a certain period, or the output of an ever-increasing counter the received value of which cannot be less than or equal to a previously received value. If the unit authenticates the communications system, for example using a signature value derived from the sequence RANDBS, and the communications system authenticates the unit, for example using a signature value derived from the sequence RANDSSD, the communications system and the unit are involved in a mutual authentication, but not necessarily an interlocking mutual authentication. In this embodiment, an interlocking mutual authentication is performed using the update key because RANDBS, generated by the unit, and RANDSSD, generated by the communications system, are both used in generating each of the signature values AUTHSSD and AUTHBS used in the authentications by the unit and the communications system. By using the random sequence from the communications system (RANDSSD) and the random sequence from the unit (RANDBS) to generate the signature values involved in the mutual authentication, the authentications by the unit and the communications system are interlocking and not vulnerable to a "replay" attack, in which a random number challenge and its corresponding signature value are captured and then repeatedly used to gain unauthorized access to the unit and/or the system.

[0034] Depending on the embodiment, the update key can be used to generate at least one signature value in a single, mutual and/or interlocking authentication between the unit and the communications system. In this embodiment, the unit provides RANDBS, RANDSSD and SSD-KEY, along with any additional data such as the ESN and/or an AUTH_DATA string derived from an international mobile station identification number (IMSI), to a signature procedure 86. The signature procedure 86 generates the signature value AUTHSSD. The unit likewise provides RANDBS, RANDSSD and SSD-KEY, along with any additional data such as the ESN and/or an AUTH_DATA string derived from an international mobile station identification number (IMSI), to a signature procedure 88. The signature procedure 88 generates the signature value AUTHBS.

[0035] Depending on the embodiment, the signature procedures 86 and 88 are cryptographic functions which could be the same or different while using different portions of the values RANDBS, RANDSSD and/or SSD-KEY, or values derived therefrom, as inputs. Depending on the embodiment, the key update system can use different inputs to the signature procedure 86 and/or 88; for example, RANDBS could be removed as an input to the signature procedure 86 and RANDSSD removed as an input to the signature procedure 88. In that case the mutual authentication would no longer be interlocking. The signature generation procedures 86 and/or 88 can implement the CAVE algorithm using the random numbers RANDSSD and RANDBS and the update key SSD-KEY as inputs as well as any additional inputs. The CAVE algorithm is well known in the art as a one-way function. Other generation procedures can be used.
[0036] The communications system determines AUTHSSD in the same manner as the unit. In this embodiment, the communications system receives RANDBS from the unit and generates AUTHSSD using the update key SSD-KEY, RANDSSD and RANDBS in the same manner as the unit. With AUTHSSD, the communications system can authenticate the unit upon receiving the AUTHSSD value generated at the unit and comparing it with the AUTHSSD value determined by the communications system. The communications system can also determine AUTHBS in the same manner as the unit using the update key SSD-KEY. The communications system sends the signature value AUTHBS to the unit, and the unit authenticates the communications system by comparing the signature value AUTHBS received from the communications system with the signature value AUTHBS generated at the unit. If the authentication is successful, the unit and the communications system can set the value of the communications key SSD to the value of the new communications key SSD-NEW. Accordingly, in this embodiment, the authentication key SSD-A is replaced with the new authentication key SSD-A-NEW. As mentioned above, in this embodiment the new value SSD can be divided into SSD-A and SSD-B, where SSD-A is used in authentication procedures and SSD-B is used in key generation, for example in generating the cipher key Kc, or in encryption procedures.
[0037] Given the new encryption key SSD-B, both the unit and the communications system calculate the value of the cipher key Kc, where Kc is equal to the output of the CAVE algorithm using the value SSD-B as the key input and additional information, such as a sequence RAND generated by the communications system, as an input, as shown by Kc = CAVE_SSD-B(RAND). At this point, communications between the wireless unit and the communications system are permitted and may be encrypted using a cryptographic function whose inputs are the message to be encrypted and the key Kc. The cryptographic functions are specified for code division multiple access (CDMA), time division multiple access (TDMA) and global system mobile (GSM) systems by their respective standards.

[0038] The key update using the update key can be carried out periodically, when the wireless communications system determines based on certain criteria that the shared key SSD may be compromised, when the wireless unit returns to the home communications system or a trusted visiting communications system, when the A-key is changed, when a new subscription is established to initialize the SSD value, and/or for other reasons. Additionally, depending on the embodiment, the inputs to the key generation procedures 82 and 84 and the signature procedures 86 and 88 can include values different from or in addition to those mentioned above, or inputs derived from those and other values. For example, at least portions of the electronic serial number (ESN) of the wireless unit, the phone number (MIN) of the wireless unit and/or the IMSI of the wireless unit can be used as input(s) to the key generation and signature procedures 82, 84, 86 and 88. The key generation procedures 82 and 84 and the signature procedures 86 and 88 can be hash functions or any one-way cryptographic function, such as the CAVE algorithm and/or SHA-1. Other procedures are possible.
[0039] Depending on the embodiment, the communications for the key update using the update key can take place between the wireless unit and the home authentication center (through the visiting authentication center if the wireless unit is in a visiting network). In alternative embodiments, the key update using the update key, or portions of it, can be performed in other or different locations.

[0040] FIG. 5B shows an embodiment of a key update system using the update key to perform a mutual authentication between the unit and the communications system that uses a reduced number of communications between the home communications system and the visiting communications system while retaining the new communications key SSD-NEW at the home communications system. For example, a home communications system 90 generates and sends the sequence RANDSSD along with the update key SSD-KEY to the visiting communications system 92 as part of an update directive 93. The visiting communications system 92 sends the sequence RANDSSD to a unit 94 in an update message 96, and the unit 94 uses RANDSSD to generate the update key SSD-KEY. The unit 94 generates the sequence RANDBS and sends RANDBS to the visiting communications system 92 in a random challenge message 98, along with a signature value AUTHSSD generated at the unit 94 using the update key SSD-KEY. The visiting communications system 92 generates the signature value AUTHSSD in the same manner as the unit 94 using the update key SSD-KEY. The visiting communications system 92 authenticates the unit 94 by comparing the signature value AUTHSSD received from the unit 94 with the signature value AUTHSSD generated at the visiting communications system 92.
[0041] To reduce the number of communications between the home communications system 90 and the visiting communications system 92 while maintaining the new communications key SSD-NEW at the home communications system 90, the visiting communications system 92 generates the signature value AUTHBS using the sequence RANDBS and the update key in the same manner as the unit 94. As such, the visiting communications system 92 does not need to forward the sequence RANDBS to the home communications system 90, nor does the home communications system 90 have to send the signature value AUTHBS to the visiting communications system 92. The visiting communications system 92 sends the signature value AUTHBS in a challenge response 100 to the unit 94. The unit 94 authenticates the communications system by comparing the signature value AUTHBS received from the visiting communications system 92 with the signature value AUTHBS generated at the unit 94.

[0042] If the comparison is successful, the mutual authentication is complete, and the unit 94 informs the visiting communications system 92 of the result of the update in a message 102. The visiting communications system 92 informs the home communications system 90 of the result of the update in a message 102, for example as part of an authentication report. The message 102 can include additional information, for example parameters used in the mutual authentication process such as the signature value AUTHSSD and RANDBS, so that the home communications system can determine whether the visiting communications system did a proper update. If the update and mutual authentication are successful, the unit 94 sets the communications key SSD (SSD-A and SSD-B) to the new communications key SSD-NEW (SSD-A-NEW, SSD-B-NEW). After the key update, the update key can be discarded.
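
The following is an added example, not code from the patent or from any IS-41/CAVE implementation, that models the home/visiting split of FIG. 4 and FIG. 5B (paragraphs [0028]-[0030] and [0040]-[0042]) together with the interlocking signatures of FIG. 5A ([0033]-[0036]). HMAC-SHA256 stands in for the CAVE algorithm (an assumption made so the example runs anywhere); the class and method names, the 8-byte RANDSSD and RANDBS lengths, the 16-byte split of SSD-NEW into SSD-A-NEW and SSD-B-NEW, the 8-byte signature truncation and any sample A-KEY and ESN values are likewise assumptions. Message numbers in the comments follow FIG. 5B. The two replay functions at the end exercise the attack that [0033] says the interlocking signatures defeat: a captured (RANDSSD, AUTHBS) pair replayed at the unit, and a captured (RANDBS, AUTHSSD) pair replayed at the visiting system.

```python
import hashlib
import hmac
import os


def prf(key, label, *parts):
    """Stand-in for CAVE (assumption: HMAC-SHA256); the label separates F0, F1, 86, 88."""
    return hmac.new(key, label + b"".join(parts), hashlib.sha256).digest()


def derive_keys(a_key, randssd, esn):
    """F0 (function 82) gives SSD-NEW as (SSD-A-NEW, SSD-B-NEW); F1 (function 84)
    gives the update key SSD-KEY. The distinct labels keep the two outputs unrelated."""
    ssd_new = prf(a_key, b"F0", randssd, esn)
    return (ssd_new[:16], ssd_new[16:]), prf(a_key, b"F1", randssd, esn)


def signature(label, ssd_key, randssd, randbs, esn):
    """Procedures 86 (label b"AUTHSSD") and 88 (label b"AUTHBS"): both nonces are
    inputs, which is what makes the mutual authentication interlocking."""
    return prf(ssd_key, label, randssd, randbs, esn)[:8]


class Home:  # holds A-KEY; SSD-NEW is computed here and never sent out
    def __init__(self, a_key, esn):
        self.a_key, self.esn, self.ssd, self.pending = a_key, esn, None, None

    def update_directive(self):  # message 93 to the visitor: RANDSSD and SSD-KEY only
        randssd = os.urandom(8)
        ssd_new, ssd_key = derive_keys(self.a_key, randssd, self.esn)
        self.pending = (randssd, ssd_key, ssd_new)
        return randssd, ssd_key

    def authentication_report(self, ok, randbs, unit_authssd):  # message 102
        randssd, ssd_key, ssd_new = self.pending
        self.pending = None
        # Recompute AUTHSSD from the reported RANDBS so a lax or lying visitor cannot commit SSD-NEW.
        expected = signature(b"AUTHSSD", ssd_key, randssd, randbs, self.esn)
        if ok and hmac.compare_digest(unit_authssd, expected):
            self.ssd = ssd_new
        return self.ssd is ssd_new


class Visiting:  # gets only RANDSSD and SSD-KEY; never A-KEY or SSD-NEW
    def __init__(self, esn):
        self.esn = esn

    def receive_directive(self, randssd, ssd_key):  # forwards RANDSSD in message 96
        self.randssd, self.ssd_key = randssd, ssd_key
        return randssd

    def challenge(self, randbs, unit_authssd):  # message 98 in; AUTHBS (message 100) out
        expected = signature(b"AUTHSSD", self.ssd_key, self.randssd, randbs, self.esn)
        if not hmac.compare_digest(expected, unit_authssd):
            return None  # the unit failed authentication, so no AUTHBS is issued
        return signature(b"AUTHBS", self.ssd_key, self.randssd, randbs, self.esn)


class Unit:
    def __init__(self, a_key, esn):
        self.a_key, self.esn, self.ssd = a_key, esn, None

    def receive_update(self, randssd):  # message 96 in; RANDBS and AUTHSSD (98) out
        self.randssd, self.randbs = randssd, os.urandom(8)
        self.ssd_new, self.ssd_key = derive_keys(self.a_key, randssd, self.esn)
        return self.randbs, signature(b"AUTHSSD", self.ssd_key, randssd, self.randbs, self.esn)

    def receive_authbs(self, authbs):  # message 100 in
        ok = authbs is not None and hmac.compare_digest(
            authbs, signature(b"AUTHBS", self.ssd_key, self.randssd, self.randbs, self.esn))
        if ok:
            self.ssd = self.ssd_new  # SSD := SSD-NEW only once the system is authenticated
        self.ssd_key = None  # the update key is discarded either way
        return ok


def run_update(home, visiting, unit):
    """One FIG. 5B update; returns (success, the values an eavesdropper saw)."""
    randssd, ssd_key = home.update_directive()
    randbs, authssd = unit.receive_update(visiting.receive_directive(randssd, ssd_key))
    authbs = visiting.challenge(randbs, authssd)
    ok = unit.receive_authbs(authbs)
    ok = home.authentication_report(ok, randbs, authssd) and ok
    return ok, {"randssd": randssd, "randbs": randbs, "authssd": authssd, "authbs": authbs}


def replay_against_unit(unit, seen):
    """A fake system replays old (RANDSSD, AUTHBS); the unit's fresh RANDBS defeats it."""
    unit.receive_update(seen["randssd"])
    return unit.receive_authbs(seen["authbs"])


def replay_against_visitor(home, visiting, seen):
    """A fake unit replays old (RANDBS, AUTHSSD); the fresh RANDSSD defeats it."""
    visiting.receive_directive(*home.update_directive())
    return visiting.challenge(seen["randbs"], seen["authssd"]) is not None
```

Two points worth checking against the text. First, the Visiting object only ever holds RANDSSD and SSD-KEY, so it can compute and check both signatures without learning A-KEY or SSD-NEW, which is the property [0030] and [0040] rely on. Second, the home side does not simply trust the visitor's report: it recomputes AUTHSSD from the reported RANDBS and AUTHSSD, as [0042] suggests, so the new SSD is committed at home only when the parameters in the report are consistent. A real deployment would replace prf with the CAVE algorithm and the inputs specified by the applicable standard.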
[0043] In addition to the embodiment(s) described above, embodiments of the key update system according to the principles of the present invention can be used which omit and/or add input parameters to the key generation and signature procedures and/or use variations or portions of the described system. For example, the key update has been described as using the update key to perform a mutual authentication of the unit and the communications system, but the key update can instead perform a one-way authentication by comparing signature values generated using the update key.
[0044] Depending on the embodiment, the inputs for the key generation and signature procedures can be communicated from different sources to the unit, the visiting communications system and/or the home communications system. For example, if the ESN is used as an input to the signature procedure(s) and the visiting communications system performs the calculation of AUTHBS and AUTHSSD, the ESN could be transmitted to the visiting communications system from the home communications system. It should be noted that with regard to IS-41, communications between the visiting communications system and the home communications system are typically carried out each time the wireless unit registers with the visiting communications system, as opposed to each time a call is made to the unit. It is also possible to carry out the same procedures when the wireless unit is in the home communications system. In that case, the home communications system, rather than the visiting communications system, communicates with the unit. The communications between the unit and the communications system pass through a serving base station.

[0045] Furthermore, the key update system can be used with communications systems based on a variety of multiple access techniques, such as CDMA, TDMA, FDMA or GSM, to update a communications key using an update key to perform an authentication in the key update. For example, the key update system can be used in systems operating under a variety of standards, such as the standard identified as TIA/EIA/IS-2000 Standards for CDMA 2000 Spread Spectrum Systems, the standard identified as EIA/TIA/IS-553 for Cellular System Mobile Station-Land Station Compatibility Specification, the standard identified as IS-136 for Cellular System Dual Mode Mobile Station-Base Station: Digital Control Channel, or other standards. It should be understood that different notations, references and characterizations of the various values, inputs and architecture blocks can be used. For example, the functionality described for the home communications system can be performed in a home authentication center, a home location register (HLR) and/or a home MSC, and the functionality for the visiting communications system can be performed in a visiting authentication center, a visitor location register and/or a visiting MSC. It should be understood that the system, portions thereof and the described architecture can be implemented in or integrated with processing circuitry in the unit or at different locations of the communications system, or in application specific integrated circuits, software-driven processing circuitry, firmware or other arrangements of discrete components, as would be understood by one of ordinary skill in the art with the benefit of this disclosure. What has been described is merely illustrative of the application of the principles of the present invention. Those skilled in the art will readily recognize that these and various other modifications, arrangements and methods can be made to the present invention without strictly following the exemplary applications illustrated and described herein and without departing from the spirit and scope of the present invention.



Claims 

1. A method of updating a communications key (SSD) maintained in a unit (64) for communicating with a communications system (65), said method CHARACTERIZED BY:

generating a new communications key (SSD-NEW) using a secret value (A-KEY) stored in said unit (64);
generating an update key (SSD-KEY) using said secret value (A-KEY) stored in said unit (64);
performing an authentication using said update key (SSD-KEY); and
updating said communications key (SSD) with said new communications key (SSD-NEW) after said authentication.

2. The method of claim 1 CHARACTERIZED BY:

receiving an update sequence (RANDSSD);
generating said new communications key (SSD-NEW) using a secret value (A-KEY) stored in said unit (64) and said sequence (RANDSSD);
generating a signature value (AUTHBS) using said update key (SSD-KEY); and
comparing said signature value (AUTHBS) with a signature value (AUTHBS) received from said communications system (65), which was generated using said update key (SSD-KEY), to perform said authentication.

3. The method of claim 2 further CHARACTERIZED BY:

generating a challenge sequence (RANDBS);
sending said challenge sequence (RANDBS) to said communications system (65);
generating said signature value (AUTHBS) using said challenge sequence (RANDBS) and said update key (SSD-KEY);
receiving a signature string (AUTHBS) generated by said communications system (65) using said challenge sequence (RANDBS) and said update key (SSD-KEY); and
comparing said signature value (AUTHBS) with said signature value (AUTHBS) generated by said communications system.

4. The method of claim 3 CHARACTERIZED BY:

generating a second signature value (AUTHSSD) using said update sequence (RANDSSD) and said update key (SSD-KEY); and
sending said second signature value (AUTHSSD) to said communications system (65) for comparison with a second signature value (AUTHSSD) generated by said communications system (65) using said sequence (RANDSSD) and said update key (SSD-KEY) generated at said communications system (65).

5. The method of claim 3 CHARACTERIZED IN THAT said generating said signature value (AUTHBS) includes:

developing a signature string comprising at least portions of said update sequence (RANDSSD), said challenge sequence (RANDBS) and said update key (SSD-KEY); and
generating said signature value (AUTHBS) from at least said signature string.

6. The method of claim 4 CHARACTERIZED IN THAT said generating said second signature value (AUTHSSD) includes:

developing a second signature string comprising at least portions of said update sequence (RANDSSD), said challenge sequence (RANDBS) and said update key (SSD-KEY); and
generating said second signature value (AUTHSSD) from at least said second signature string.

7. A method of updating a communications key (SSD) maintained in a unit (64) and in a communications system (65), said method CHARACTERIZED BY:

sending to said unit (64) an update sequence (RANDSSD) for said unit (64) to generate a new communications key (SSD-NEW) using a secret value (A-KEY) in said unit (64);
sending to said unit (64) a signature value (AUTHBS) for said unit (64) to compare, said signature value (AUTHBS) being generated at said communications system using an update key (SSD-KEY) derived from a secret value (A-KEY) stored in said communications system (65) and associated with said unit (64); and
receiving an update confirmation (77), after which said communications key (SSD) is updated with said new communications key (SSD-NEW) following said authentication.

8. The method of claim 7 CHARACTERIZED BY:

receiving a challenge sequence (RANDBS) from said unit (64); and
generating said signature value (AUTHBS) using said challenge sequence (RANDBS) and said update key (SSD-KEY).

9. The method of claim 8 CHARACTERIZED BY:

generating a second signature value (AUTHSSD) using said update sequence (RANDSSD) and said update key (SSD-KEY);
receiving a second signature value (AUTHSSD) generated at said unit (64) using said update sequence (RANDSSD) and said update key (SSD-KEY) at said unit (64); and
comparing said second signature value (AUTHSSD) with said second signature value (AUTHSSD) generated by said unit (64).

10. The method of claim 9 CHARACTERIZED IN THAT said generating a signature value (AUTHBS) includes:

developing a signature string comprising at least portions of said update sequence (RANDSSD), said challenge sequence (RANDBS) and said update key (SSD-KEY); and
generating said signature value (AUTHBS) from at least said signature string.

11. The method of claim 9 CHARACTERIZED IN THAT said generating a second signature value (AUTHSSD) includes:

developing a second signature string comprising at least portions of said update sequence (RANDSSD), said challenge sequence (RANDBS) and said update key (SSD-KEY); and
generating said second signature value (AUTHSSD) from at least said second signature string.

12. A method of updating a communications key (SSD) maintained in a unit (64) and in a home communications system (70), said method CHARACTERIZED BY:

generating an update sequence (RANDSSD);
generating a new communications key (SSD-NEW) using a secret value (A-KEY) stored in said home communications system (70) and associated with said unit (64);
generating an update key (SSD-KEY) using said secret value (A-KEY) and said update sequence (RANDSSD); and
updating said communications key (SSD) with said new communications key (SSD-NEW) after an authentication is performed with said unit (64) using said update key (SSD-KEY).

13. A method of updating a communications key (SSD) maintained in a unit (64) and in a home communications system (70), said method CHARACTERIZED BY:

receiving an update sequence (RANDSSD) from said home communications system (70) for said unit (64) to generate a new communications key (SSD-NEW) using a secret value (A-KEY) in said unit (64);
receiving an update key (SSD-KEY) from said home communications system (70), generated at said home communications system (70) using a secret value (A-KEY) associated with said unit (64) at said home communications system (70);
performing an authentication with said unit (64) using said update key (SSD-KEY); and
sending to said home communications system (70) the results of said authentication.